Yesterday, a massive ransomware attack now known as “Petya” spread across the globe in a similar fashion to the WannaCry cyberattack in May. In an Alert today, Fox Chief Privacy Officer and Partner Mark McCreary breaks down what we know about the attack, how to address it if your organization falls victim to it, and how to minimize the risks of future attacks:

Yesterday’s worldwide cyberattack once again exploited a vulnerability that has been known to experts for many months. These attacks are sure to continue and the best defense is knowledge. Awareness of how malware works and employee training to avoid the human error that may trigger an infection can prevent your organization from becoming a victim.

This latest ransomware variant, referred to as “Petya,” is similar in many respects to the “WannaCry” ransomware that affected hundreds of thousands of computers in mid-May, using the same EternalBlue exploit to infect computers. The purpose of this Alert is to provide you with some information believed or known at this time.

How Is a Computer Infected?

Experts believe the Petya malware is delivered in a Word document attached to an email. Once initiated by opening the Microsoft Word document, an unprotected computer becomes infected and the entire hard drive on that computer is encrypted by the program. This is notably different from WannaCry, which encrypted only files.

Once Petya is initiated, it begins seeking other unprotected computers in the same network to infect. It is not necessary to open the infected Microsoft Word document on each computer. An infection can occur by the malware spreading through a network environment.
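Because the spread described above happens over the network rather than through the attachment, it can be spotted in network telemetry. The following is an added example, not code from the Alert or from Fox Rothschild: EternalBlue exploits SMB, which listens on TCP port 445, so an internal host that suddenly reaches out to many distinct peers on that port is a strong lead for an incident responder. The log format, the hosts and the fan-out threshold are constructed assumptions for illustration.

```python
"""Flag internal hosts that fan out to many peers on SMB (TCP 445).

Added example for this post, not part of the original Alert. EternalBlue
targets SMB on TCP port 445, so a host that connects to many distinct
internal peers on that port in a short window is worth investigating.
The log format, addresses and threshold below are constructed.
"""
from collections import defaultdict

# Constructed sample firewall/flow log: timestamp, src, dst, dst port, action.
SAMPLE_LOG = """\
2017-06-27T09:14:01 10.0.1.12 10.0.1.13 445 ALLOW
2017-06-27T09:14:01 10.0.1.12 10.0.1.14 445 ALLOW
2017-06-27T09:14:02 10.0.1.12 10.0.1.15 445 ALLOW
2017-06-27T09:14:02 10.0.1.12 10.0.1.16 445 ALLOW
2017-06-27T09:14:03 10.0.1.12 10.0.1.17 445 ALLOW
2017-06-27T09:14:03 10.0.1.12 10.0.1.18 445 DENY
2017-06-27T09:14:05 10.0.1.40 10.0.1.5 445 ALLOW
2017-06-27T09:14:06 10.0.1.40 10.0.1.5 445 ALLOW
2017-06-27T09:14:07 10.0.1.41 10.0.1.5 443 ALLOW
2017-06-27T09:14:08 10.0.1.12 10.0.1.19 445 ALLOW
"""

SMB_PORT = 445
FANOUT_THRESHOLD = 5  # distinct peers before a host is flagged (tuning assumption)


def parse_flows(text):
    """Yield (src, dst, port) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, port, _action = line.split()
        yield src, dst, int(port)


def smb_fanout(text):
    """Map each source host to the set of distinct peers it tried on 445.

    Denied attempts are counted too: a blocked probe is still a probe.
    """
    peers = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port == SMB_PORT:
            peers[src].add(dst)
    return peers


def flag_scanners(text, threshold=FANOUT_THRESHOLD):
    """Return a sorted list of (host, peer_count) at or above the threshold."""
    return sorted(
        (src, len(dsts))
        for src, dsts in smb_fanout(text).items()
        if len(dsts) >= threshold
    )


if __name__ == "__main__":
    for host, count in flag_scanners(SAMPLE_LOG):
        print(f"{host} contacted {count} distinct hosts on TCP/{SMB_PORT}")
```

A file server that legitimately talks to one or two peers on 445 (10.0.1.40 above) stays below the threshold; only the host probing a run of neighbours is flagged. In production the threshold would be tuned per network segment, and the same counting logic applies to any flow source that records source, destination and port.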

To read Mark’s full discussion of the Petya attack, please visit the Fox Rothschild website.

Mark also notes that “I continue to stress to clients that in addition to hardening your IT resources, the absolute best thing your business can do is train employees how to detect and avoid malware and phishing.  In-person, annual privacy and security training is the best way to accomplish this.”

Yesterday we witnessed new ransomware spread across the world with incredible speed and success, bringing businesses to their knees and teaching home users for the first time about ransomware and why computer backups are so important.

With over 123,000 computers infected, experts believe the “WannaCrypt/WannaCry/WCry” attacks have stopped after researchers registered a domain that the software checks before encrypting.  However, nothing is stopping someone from revising the software to not require that check and releasing it into the wild.  In other words, do not expect the infections to stop.
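The domain check described above leaves a trace that defenders can use. The following is an added example, not code from the original post: because the malware looks up the kill-switch domain before it decides whether to encrypt, any host that queried that domain ran the malware, whether or not encryption followed. The domain name here is a placeholder and the resolver log lines are constructed.

```python
"""Identify hosts that queried a ransomware kill-switch domain in DNS logs.

Added example for this post, not from the original. The malware checked a
hard-coded domain before encrypting; a query for that domain from a host
means the malware executed there, even if it then stopped. The domain is a
placeholder and the log lines are constructed.
"""
import re

KILL_SWITCH_DOMAINS = {"killswitch.example"}  # placeholder, not the real domain

# Constructed resolver log lines in the dnsmasq query/reply style.
SAMPLE_DNS_LOG = """\
May 12 14:02:11 dns1 dnsmasq[812]: query[A] www.example.org from 10.0.2.21
May 12 14:02:13 dns1 dnsmasq[812]: query[A] killswitch.example from 10.0.2.33
May 12 14:02:13 dns1 dnsmasq[812]: reply killswitch.example is 192.0.2.10
May 12 14:02:15 dns1 dnsmasq[812]: query[A] KillSwitch.EXAMPLE. from 10.0.2.34
May 12 14:02:20 dns1 dnsmasq[812]: query[AAAA] mail.example.org from 10.0.2.33
May 12 14:03:02 dns1 dnsmasq[812]: query[A] killswitch.example from 10.0.2.33
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)")


def normalise(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def parse_queries(text):
    """Yield (normalised_name, source_host) for each query line; skip replies."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield normalise(m.group("name")), m.group("src")


def hosts_querying(text, domains=KILL_SWITCH_DOMAINS):
    """Return {host: query_count} for hosts that looked up a listed domain."""
    hits = {}
    for name, src in parse_queries(text):
        if name in domains:
            hits[src] = hits.get(src, 0) + 1
    return hits


if __name__ == "__main__":
    for host, count in sorted(hosts_querying(SAMPLE_DNS_LOG).items()):
        print(f"{host}: {count} kill-switch lookup(s), treat as infected")
```

Two caveats for anyone running this on real logs. A host whose outbound DNS or web access is blocked never completes the check, so the malware on it proceeds to encrypt and it will not appear in this list; absence from the list is not a clean bill of health. And, as the post says, a revised variant without the check would leave no such trace at all.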

To battle the malicious software, Microsoft took the highly unusual step of issuing updates for versions of Windows that have reached their end of life and otherwise are not supported (e.g., Windows XP, Windows 8, and Windows Server 2003). WannaCrypt/WannaCry/WCry did not even try to target Windows 10 machines, but that does not mean Windows 10 machines cannot be affected and encrypted by the ransomware. The blog describing Microsoft’s efforts can be found here and is worth reading. Although your business may normally take a wait-and-see approach to software updates to avoid conflicts with other programs, this is a situation in which you should fast-track that process.

If there is any silver lining here, it is that it may lead more organizations to focus harder on computer security and on efforts to battle malicious attacks similar to WannaCrypt/WannaCry/WCry. Having seen firsthand from clients the panic and feeling of helplessness caused by WannaCrypt/WannaCry/WCry in mere hours, it seems likely that companies are starting to better understand the risk, loss of productivity and costs that can be associated with a ransomware attack.

Below is a screenshot of the WannaCrypt/WannaCry/WCry software on an infected machine.  (Note the financial aid offer in the last line of the “Can I Recover My Files?” paragraph.  The bad guys must have a public relations firm!)

[Screenshot: the WannaCrypt/WannaCry/WCry ransom screen on an infected machine]

With the amount of commerce conducted through networks increasing each year, the importance of implementing robust cybersecurity policies is as critical as ever. Just last month, the Congressional Research Service released its paper about cybersecurity information sharing and how this helps companies decrease preventable breaches. Coupled with industry research, the paper is a must-read for industry leaders of any business dealing with Internet-based transactions.

How Security Breaches Impact the U.S. and World Financially 

The Center for Strategic and International Studies places the annual global cost of cybercrime between $375 and $575 billion. This estimate takes into account the hundreds of millions of people who have had personally identifiable information (PII) stolen, plus damages incurred by companies and the global economy. The 2014 Ponemon Institute Cost of Cyber Crime Study calculated an average increase in the cost of cybercrime for U.S. companies of 9% from 2013 to 2014. These numbers are only expected to grow.

Cybersecurity Information Sharing

Information sharing about new threats, best practices and industry trends is beneficial:

  • Small businesses can prepare for and protect against attacks.
  • Information sharing can positively impact the reputation of a company in the industry. Having a reputation as a solid corporate citizen will encourage other companies to do the same.
  • Money saved on security development may be diverted to other security measures or company needs, thus preventing duplication of work.

Corporations Hesitant to Share Information

Companies have shown a reluctance to share information due to concern about violating privacy and antitrust laws. The government recognizes these concerns and “provided guidance that will not consider generally accepted cybersecurity information sharing to be anticompetitive behavior.” (Congressional Research Service paper, p. 4)

Additionally, concerns exist regarding decreasing sales numbers and falling stock prices. Companies hit by data breaches have experienced mixed stock results: some saw increasing stock prices within the three-month period after the breach occurred, while others saw stock prices plummet during the same period.

Methods for Sharing Cybersecurity Information

Publicly traded companies are required by the SEC to reveal information with “substantial likelihood that the disclosure of the omitted fact would have been viewed by the reasonable investor as having significantly altered the ‘total mix’ of information made available.” It is important to note that neither the SEC nor courts have mandated when companies need to announce such information.

The Information Sharing and Analysis Center (ISAC) program was established in 1998 so that private sector, nonprofit member entities could collect, analyze and share information. ISAC groups exist for different industries, and they share information anonymously with the government and with other ISAC group members. Membership cost depends on a company’s desired membership level.

Congress has attempted to pass legislation to give companies incentives for information sharing. Three bills were introduced unsuccessfully during the 113th Congress.

In Summary

  • Increasing cybercrime has resulted in billions of dollars lost in the global economy.
  • It behooves companies to share cyber crime information to prevent future attacks, reduce expenses and build a positive industry reputation.
  • ISACs provide a means of sharing information anonymously with the government and other industry players.